As many of you have likely already noticed, we are now showing update alerts for main site profiles to users when they onto the forums.
Right now the messages randomly pop up 50% of the time when users log on and haven't updated their profiles after 11/27/2013. The messages ask you to go and update your main site profile (and specifically to re-enter your password even if you wish to keep the same password). If you get the message and don't want to update your profile today, just reload or re-log onto the forums. Again, it's a 50/50 chance each time you log on if your profile is old.
We have users that have not updated their profiles in many years... Users that haven't updated their profiles in a long time have their passwords stored in a legacy format. Over time, we have instituted stronger and stronger encryption standards. (For the technically fluent and curious, on 11/27/2013 we increased the size and complexity of password salts that go with security hashes. Our practice is not to save copies of people's passwords, just hashes and salts that allow us to determine in real time if a password submitted is valid).
Also, we have a surprising number of users that have chosen passwords that don't match our current complexity requirements. For example, a number have used the last 4 digits of their phone number! These users will be required to choose a password with a little more complexity moving forward.
In the future you will be asked to to update your profile: (1) any time we make a change to data fields on the profile page (which doesn't happen very often), (2) as we change how we store information (in the most recent case, as we increased security), (3) upon changes to terms and conditions, and (4) likely every 3 to 6 months anyway in the future.
One of the things I have been surprised at is the number of people that haven't updated their profiles in so long that they find themselves locked out of their own accounts. In short, they forget what email address they are using for their account. Often they are registered under a Hotmail or Yahoo account they now haven't used in years, are now using a Gmail account, and have forgotten what email address is tied to their account. It is my hope that by getting members to at least look at their profiles on a regular basis and at least confirming nothing has changed that people will update old email addresses before they become a problem.
If you do ever get locked out of your account, click 'sign in' on the main site and then use the lost password function. If you find yourself stuck (still), then click on 'About Us' and contact us at the email address found (or on the forums if you still have access here)
Right now the messages randomly pop up 50% of the time when users log on and haven't updated their profiles after 11/27/2013. The messages ask you to go and update your main site profile (and specifically to re-enter your password even if you wish to keep the same password). If you get the message and don't want to update your profile today, just reload or re-log onto the forums. Again, it's a 50/50 chance each time you log on if your profile is old.
We have users that have not updated their profiles in many years... Users that haven't updated their profiles in a long time have their passwords stored in a legacy format. Over time, we have instituted stronger and stronger encryption standards. (For the technically fluent and curious, on 11/27/2013 we increased the size and complexity of password salts that go with security hashes. Our practice is not to save copies of people's passwords, just hashes and salts that allow us to determine in real time if a password submitted is valid).
Also, we have a surprising number of users that have chosen passwords that don't match our current complexity requirements. For example, a number have used the last 4 digits of their phone number! These users will be required to choose a password with a little more complexity moving forward.
In the future you will be asked to to update your profile: (1) any time we make a change to data fields on the profile page (which doesn't happen very often), (2) as we change how we store information (in the most recent case, as we increased security), (3) upon changes to terms and conditions, and (4) likely every 3 to 6 months anyway in the future.
One of the things I have been surprised at is the number of people that haven't updated their profiles in so long that they find themselves locked out of their own accounts. In short, they forget what email address they are using for their account. Often they are registered under a Hotmail or Yahoo account they now haven't used in years, are now using a Gmail account, and have forgotten what email address is tied to their account. It is my hope that by getting members to at least look at their profiles on a regular basis and at least confirming nothing has changed that people will update old email addresses before they become a problem.
If you do ever get locked out of your account, click 'sign in' on the main site and then use the lost password function. If you find yourself stuck (still), then click on 'About Us' and contact us at the email address found (or on the forums if you still have access here)
Last edited:
